[Samba] Dns tkey negotiategss: TKEY is unacceptable - potential fix included
Rowland Penny
rpenny at samba.org
Wed Sep 28 12:13:17 UTC 2022
On 28/09/2022 12:27, Rainer Meier via samba wrote:
> > What version of Samba are you using ?
>
> I am on latest gentoo ebuild version 4.16.4 currently.
>
> > However it looks like you are correct, there is code to create the
> > 'dns-host' user, even if it may be incorrect, there is code to create
> > the dnsadmins group, but there doesn't seem to be code to add the user
> > to the group.
>
> Well I have included the description as packages of distributions might
> differ. So line numbering might be different too. Not sure which
> modifications are applied by Gentoo. However I found many reports across
> the internet facing the same problems and instructions on
> <https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable>
> not working. So I am quite sure others face the same problem as well. So
> they do get a non-working "dns-host.DOMAIN.tld" user created instead of
> "dns-host" and it fails to be added to the right security group.
>
> Sure it's possible I am the only one with this specific problem but at
> least the Gentoo Python code seems to suffer from some upper/lowercase
> matching flaws. If this is not an upstream problem I am happy to report
> this to Gentoo package maintainers. However I expected those Python
> modules to be maintained upstream as also the samba_upgradedns tool is
> not introduced by Gentoo but actually part of Samba 4.
It sounds like there is something going on here, the python scripts are
usually used verbatim and the provision __init.py__ script, for a least
the last two years, has the line in question near the top (around line
260, to be precise).
Can I have a copy of the __init.py__ that is giving you the problem ?
Just send it to me directly at 'rpenny @ samba . org' (just remove the
spaces)
>
> Moreover I believe this should be pretty simple to fix.
It sounds that way.
Rowland
>
> Correct me if I am wrong here.
>
>
> best regards,
> Rainer
>
More information about the samba
mailing list